US20200334048A1 - Method for securely configuring an information system - Google Patents
Method for securely configuring an information system Download PDFInfo
- Publication number
- US20200334048A1 US20200334048A1 US16/921,101 US202016921101A US2020334048A1 US 20200334048 A1 US20200334048 A1 US 20200334048A1 US 202016921101 A US202016921101 A US 202016921101A US 2020334048 A1 US2020334048 A1 US 2020334048A1
- Authority
- US
- United States
- Prior art keywords
- file system
- image
- hash
- computer readable
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 27
- 230000015654 memory Effects 0.000 claims abstract description 54
- 238000012545 processing Methods 0.000 claims description 20
- 230000002085 persistent effect Effects 0.000 abstract description 14
- 238000004422 calculation algorithm Methods 0.000 description 14
- 230000006870 function Effects 0.000 description 13
- 238000004891 communication Methods 0.000 description 7
- 230000002093 peripheral effect Effects 0.000 description 7
- 230000008569 process Effects 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 5
- 238000012550 audit Methods 0.000 description 4
- 238000004590 computer program Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 239000000872 buffer Substances 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000004044 response Effects 0.000 description 3
- 238000003491 array Methods 0.000 description 2
- 239000004020 conductor Substances 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 239000000835 fiber Substances 0.000 description 2
- 238000007689 inspection Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 239000000243 solution Substances 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 241000699666 Mus <mouse, genus> Species 0.000 description 1
- 241000699670 Mus sp. Species 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 239000007853 buffer solution Substances 0.000 description 1
- 230000003139 buffering effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 229910052802 copper Inorganic materials 0.000 description 1
- 239000010949 copper Substances 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000008571 general function Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000003032 molecular docking Methods 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- APTZNLHMIGJTEW-UHFFFAOYSA-N pyraflufen-ethyl Chemical compound C1=C(Cl)C(OCC(=O)OCC)=CC(C=2C(=C(OC(F)F)N(C)N=2)Cl)=C1F APTZNLHMIGJTEW-UHFFFAOYSA-N 0.000 description 1
- 238000005096 rolling process Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
- G06F8/63—Image based installation; Cloning; Build to order
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Definitions
- the present disclosure relates generally to configuring an Operating System (OS) of a computer system and, more specifically, to securely configuring the OS during a booting processing of a kernel image of the OS.
- OS Operating System
- the present disclosure is directed to a system for configuring an information computing machine during execution of a kernel image.
- the system can include a storage resource and a processor that is communicatively coupled to the storage resource, wherein the processor executes application code instruction that are stored in the storage resource to cause the system to create a file system from a base file system image in system memory of the information computing system.
- the system can apply configuration files from a bundle image to the file system in memory, and copy files from a persistent file system stored in the storage resource to memory.
- the system can also validate the files from the persistent file system and apply validated files to the file system in memory.
- the present disclosure is directed to a computer aided method of a system for configuring an information computing system during execution of a kernel image.
- the method includes creating a file system from a base file system image in system memory of the information computing system and applying configuration files from a bundle image to the file system in memory.
- the method further includes copying files from a persistent file system stored in the storage resource to memory and validating the files from the persistent file system.
- the method also includes applying validated files to the file system in memory.
- the present disclosure is directed to a non-transitory computer readable medium containing computer readable instructions for configuring an information computing machine, where the computer-readable instructions comprising instructions for causing the computing machine to create a file system from a base file system image in system memory of the information computing system.
- the instructions further cause the computing machine to apply configuration files from a bundle image to the file system in memory and to copy files from a persistent file system stored in the storage resource to memory.
- the instructions cause the computing machine to validate the files from the persistent file system and apply validated files to the file system in memory.
- the base file system image can be verified by comparing a signed hash of the image with a hash generated by the initial file system image and checking the hash signature against a public certificate included in the initial file system.
- the bundle image can be verified by comparing a signed hash of the image with a hash generated by the initial file system image and checking the hash signature against a public certificate included in the initial file system.
- the bundle image can be further verified by determining if the hash has been signed by an administrator.
- the base file system image can be retrieved from a local storage resource or from a remote storage resource.
- the bundle image can be retrieved from a local storage resource or a from a remote storage resource, and the system or method can execute /sbin/init and start application services.
- FIG. 1 is a block diagram of a system for booting an operating system, in accordance to certain example embodiments
- FIG. 2 is a flow diagram of an algorithm for configuring an operating system during execution of a kernel image, according to certain example embodiments.
- FIG. 3 is a block diagram depicting a computing machine and system applications, in accordance with certain example embodiments.
- the system 10 comprises a Basic Input Output Operating System (BIOS) 12 , a boot loader 14 , a kernel image 16 , an initial file system 18 , a memory module 20 , a persistent file system 22 , and system service applications 24 .
- BIOS 12 receive a boot command and, in response, launches a boot loader 14 .
- the boot loader 14 launches a kernel image 16 .
- the boot loader 14 and kernel image 16 can be provided from a trusted source approved for execution on a hardware platform executing the BIOS 12 and only responds to execution commands from a trusted source.
- the kernel image 16 launches the initial file system 18 .
- the initial file system 18 comprises a memory file system module 26 , a base file system image 28 , and a configuration bundle image 30 .
- the memory file system module 26 extracts a file system from the base file system from image 28 and installs the file system into the memory module 20 .
- the memory file system module 26 further extracts configuration files from configuration bundle image 30 and installs the configuration files into the base file system.
- the files installed on the file system in memory 20 can include pre-approved system space binaries, and also user space binaries, and configurations files.
- the initial file system 18 further mounts the persistent file system 22 and either copies or moves files, e.g. all or select system binaries and configuration files, from the mounted file system to the base file system in memory 20 .
- the memory file system module 26 can cause /sbin/init to be executed if the audit passes inspection or halt further operation of the system 10 if the audit doesn't pass inspection.
- the OS system application services are executed.
- the memory file system module 26 can read from the kernel command line to identify where to retrieve the base file system image 28 .
- the base file system image 28 can exist on disk or it can be retrieved from a remote system.
- the initial file system 18 can compute a hash of the base file system image 28 and verify it by comparing the hash against a hash generated from keys and certificates preinstalled with the initial file system 18 . If the base file system image 28 is validated, then it can be extracted and the in-memory file system created and the base file system installed.
- the base file system image 28 can be built in the factory and, as such, is immutable and can also be updated over a secure network, e.g. a peer-to-peer network, to include updates including relevant and trusted OS updates.
- a secure network e.g. a peer-to-peer network
- the installed binaries and configurations files are certain to be trusted application services.
- binaries and configurations files installed on the system 10 , binaries and configurations from system images and from persisted file system 22 can only be audited as trusted before the system service applications 24 can actually be executed. So, if any changes occur to the binaries and configurations files on the persistent file system 30 , or at least a subset of the files, in order for the changes to be permanently effected by the initial file system 18 would require those changes to pass the audit phase.
- the whitelist can be a static file that can be built at the factory. If the base image 28 , configuration bundle 30 , and the file system 22 contains files that are not in the whitelist the system will raise an error and reboot.
- the configuration bundle image 30 can be built and signed by designated system and security administrators on the system 10 .
- the bundle image 30 can be an archive that contains the following items; alch.tar; secadmin.crt; secadmin.sig; secadmin.txt; sysadmin crt; sysadmin.sig; sysadmin txt.
- the crt, sig, and txt files can be used to ensure the alch.tar file has not been tampered with. This can be achieved by taking a hash of the alch.tar and having both system and security administrators digitally sign the hash.
- the alch.tar can be the configuration.
- the additional system files can be 3 rd party provided files that can be generated using a markup language other than YAML. Examples include: CDS rule files; certificates; XCCDF Benchmarks; etc. YAML, in this embodiment, can be used to describe the system and how it should be configured.
- the counter.txt can be used to track the version of the configuration bundle. It can be incremented each time a configuration bundle is built and signed, and can be used to prevent rolling back the system to an old configuration.
- the configuration bundle can be processed each and every time that the system boots, or in other suitable manners.
- cleanup can occur. This can include running AIDE, applying permissions, setting up SELinux, or anything else that needs to happen to the in-memory file system.
- the in-memory file system will become the real file system and the system will finish booting and enter into the running state.
- FIG. 2 is a flow diagram of an algorithm for configuring an information computing system during execution of a kernel image, according to certain example embodiments, denoted generally as 100 .
- the algorithm 100 begins at block 102 by verifying the base file system image 28 , such as by comparing a signed hash of the image with a hash generated by the initial file system and checking the hash signature against a public certificate included in the initial file system in other suitable manners.
- the algorithm 100 continues to block 104 , where it verifies the bundle image 30 by comparing a signed hash of the image with a hash generated by the initial file system and checking the hash signature against a public certificate included in the initial filesystem.
- the algorithm 100 continues, block 106 , by creating a file system from the base file system image in system memory of the information computing system.
- the algorithm 100 further continues, block 108 , by applying binary and configuration files from the bundle image to the file system in memory.
- the algorithm 100 continues by copying files from a persistent file system stored in the storage resource to memory.
- the algorithm 100 further continues, block 112 , by validating the files from the persistent file system.
- the algorithm 100 continues, block 114 , by applying validated files to the file system in memory.
- the algorithm 100 continues by executing /sbin/init and starting application services.
- FIG. 3 is a computing machine 200 and a system applications module 300 in accordance with example embodiments.
- the computing machine 200 can correspond to any of the various computers, mobile devices, laptop computers, servers, embedded systems, or computing systems presented herein.
- the module 300 can comprise one or more hardware or software elements that are configured to facilitate the computing machine 200 in performing the various methods and processing functions presented herein.
- the computing machine 200 can include various internal or attached components such as a processor 210 , system bus 220 , system memory 230 , storage media 240 , input/output interface 250 , and a network interface 260 for communicating with a network 270 .
- the computing machine 200 can be implemented as a conventional computer system, an embedded controller, a laptop, a server, a mobile device, a smartphone, a wearable computer, a customized machine, any other suitable hardware platform, or any combination or multiplicity thereof.
- the computing machine 200 can be a distributed system configured to function using multiple computing machines interconnected via a data network or bus system.
- the processor 210 can be configured to execute code instructions in order to perform the operations and functionality described herein, manage request flow and address mappings, and to perform calculations and generate commands.
- the processor 210 can be configured to monitor and control the operation of the components in the computing machine 200 .
- the processor 210 can be a general purpose processor, a processor core, a multiprocessor, a reconfigurable processor, a microcontroller, a digital signal processor (“DSP”), an application specific integrated circuit (“ASIC”), a controller, a state machine, gated logic, discrete hardware components, any other suitable processing unit, or any combination or multiplicity thereof.
- DSP digital signal processor
- ASIC application specific integrated circuit
- the processor 210 can be a single processing unit, multiple processing units, a single processing core, multiple processing cores, special purpose processing cores, co-processors, or any combination thereof. According to certain embodiments, the processor 210 along with other components of the computing machine 200 can be a virtualized computing machine executing within one or more other computing machines.
- the system memory 230 can include non-volatile memories such as read-only memory (“ROM”), programmable read-only memory (“PROM”), erasable programmable read-only memory (“EPROM”), flash memory, or any other suitable device capable of storing program instructions or data with or without applied power.
- ROM read-only memory
- PROM programmable read-only memory
- EPROM erasable programmable read-only memory
- flash memory or any other suitable device capable of storing program instructions or data with or without applied power.
- the system memory 230 can also include volatile memories such as random access memory (“RAM”), static random access memory (“SRAM”), dynamic random access memory (“DRAM”), and synchronous dynamic random access memory (“SDRAM”). Other types of RAM also can be used to implement the system memory 230 .
- RAM random access memory
- SRAM static random access memory
- DRAM dynamic random access memory
- SDRAM synchronous dynamic random access memory
- Other types of RAM also can be used to implement the system memory 230 .
- system memory 230 is depicted as being part of the computing machine 200 , one skilled in the art will recognize that the system memory 230 can be separate from the computing machine 200 without departing from the scope of the subject technology. It should also be appreciated that the system memory 230 can include, or operate in conjunction with, a non-volatile storage device such as the storage media 240 .
- the storage media 240 can include a hard disk, a floppy disk, a compact disc read-only memory (“CD-ROM”), a digital versatile disc (“DVD”), a Blu-ray disc, a magnetic tape, a flash memory, other non-volatile memory device, a solid state drive (“SSD”), any suitable magnetic storage device, any suitable optical storage device, any suitable electrical storage device, any suitable semiconductor storage device, any suitable physical-based storage device, any other suitable data storage device, or any combination or multiplicity thereof.
- the storage media 240 can store one or more operating systems, application programs and program modules such as module 300 , data, or any other suitable information.
- the storage media 240 can be part of, or connected to, the computing machine 200 .
- the storage media 240 can also be part of one or more other computing machines that are in communication with the computing machine 200 such as servers, database servers, cloud storage, network attached storage, and so forth.
- the system applications module 300 can comprise one or more hardware or software elements configured to facilitate the computing machine 200 with performing the various methods and processing functions presented herein.
- the module 300 can include one or more sequences of instructions stored as software or firmware in association with the system memory 230 , the storage media 240 , or both.
- the storage media 240 can therefore represent examples of machine or computer readable media on which instructions or code can be stored for execution by the processor 210 .
- Machine or computer readable media can generally refer to any suitable medium or media used to provide instructions to the processor 210 .
- Such machine or computer readable media associated with the module 300 can comprise a computer software product.
- a computer software product comprising the module 300 can also be associated with one or more processes or methods for delivering the module 300 to the computing machine 200 via the network 270 , any suitable signal-bearing medium, or any other suitable communication or delivery technology.
- the module 300 can also comprise hardware circuits or information for configuring hardware circuits such as microcode or configuration information for an FPGA or other PLD.
- the input/output (“I/O”) interface 250 can be configured to couple to one or more external devices, to receive data from the one or more external devices, and to send data to the one or more external devices. Such external devices along with the various internal devices can also be known as peripheral devices.
- the I/O interface 250 can include both electrical and physical connections for coupling the various peripheral devices to the computing machine 200 or the processor 210 .
- the I/O interface 250 can be configured to communicate data, addresses, and control signals between the peripheral devices, the computing machine 200 , or the processor 210 .
- the I/O interface 250 can be configured to implement any suitable standard interface, such as small computer system interface (“SCSI”), serial-attached SCSI (“SAS”), fiber channel, peripheral component interconnect (“PCI”), PCI express (PCIe), serial bus, parallel bus, advanced technology attached (“ATA”), serial ATA (“SATA”), universal serial bus (“USB”), Thunderbolt, FireWire, various video buses, and the like.
- SCSI small computer system interface
- SAS serial-attached SCSI
- PCIe peripheral component interconnect
- PCIe PCI express
- serial bus parallel bus
- ATA advanced technology attached
- SATA serial ATA
- USB universal serial bus
- Thunderbolt FireWire
- the I/O interface 250 can be configured to implement only one interface or bus technology.
- the I/O interface 250 can be configured to implement multiple interfaces or bus technologies.
- the I/O interface 250 can be configured as part of, all of, or to operate in conjunction with, the system bus 220 .
- the I/O interface 250 can
- the I/O interface 250 can couple the computing machine 200 to various input devices including mice, touch-screens, scanners, electronic digitizers, sensors, receivers, touchpads, trackballs, cameras, microphones, keyboards, any other suitable pointing devices, or any combinations thereof.
- the I/O interface 250 can couple the computing machine 200 to various output devices including video displays, speakers, printers, projectors, tactile feedback devices, automation control, robotic components, actuators, motors, fans, solenoids, valves, pumps, transmitters, signal emitters, lights, and so forth.
- the computing machine 200 can operate in a networked environment using logical connections through the network interface 260 to one or more other systems or computing machines across the network 270 .
- the network 270 can include wide area networks (WAN), local area networks (LAN), intranets, the Internet, wireless access networks, wired networks, mobile networks, telephone networks, optical networks, or combinations thereof.
- the network 270 can be packet switched, circuit switched, of any suitable topology, and can use any suitable communication protocol. Communication links within the network 270 can involve various digital or an analog communication media such as fiber optic cables, free-space optics, waveguides, electrical conductors, wireless links, antennas, radio-frequency communications, and so forth.
- the processor 210 can be connected to the other elements of the computing machine 200 or the various peripherals discussed herein through the system bus 220 . It should be appreciated that the system bus 220 can be within the processor 210 , outside the processor 210 , or both. According to some embodiments, any of the processor 210 , the other elements of the computing machine 200 , or the various peripherals discussed herein can be integrated into a single device such as a system on chip (“SOC”), system on package (“SOP”), or ASIC device.
- SOC system on chip
- SOP system on package
- ASIC application specific integrated circuit
- Embodiments may comprise a computer program that embodies the functions described and illustrated herein, wherein the computer program is implemented in a computer system that comprises instructions stored in a machine-readable medium and a processor that executes the instructions.
- the embodiments should not be construed as limited to any one set of computer program instructions unless otherwise disclosed for an exemplary embodiment.
- a skilled programmer would be able to write such a computer program to implement an embodiment of the disclosed embodiments based on the appended flow charts, algorithms and associated description in the application text. Therefore, disclosure of a particular set of program code instructions is not considered necessary for an adequate understanding of how to make and use embodiments.
- the example embodiments described herein can be used with computer hardware and software that perform the methods and processing functions described previously.
- the systems, methods, and procedures described herein can be embodied in a programmable computer, computer-executable software, or digital circuitry.
- the software can be stored on computer-readable media.
- computer-readable media can include a floppy disk, RAM, ROM, hard disk, removable media, flash memory, memory stick, optical media, magneto-optical media, CD-ROM, etc.
- Digital circuitry can include integrated circuits, gate arrays, building block logic, field programmable gate arrays (FPGA), etc.
- “hardware” can include a combination of discrete components, an integrated circuit, an application-specific integrated circuit, a field programmable gate array, or other suitable hardware.
- “software” can include one or more objects, agents, threads, lines of code, subroutines, separate software applications, two or more lines of code or other suitable software structures operating in two or more software applications, on one or more processors (where a processor includes one or more microcomputers or other suitable data processing units, memory devices, input-output devices, displays, data input devices such as a keyboard or a mouse, peripherals such as printers and speakers, associated drivers, control cards, power sources, network devices, docking station devices, or other suitable devices operating under control of software systems in conjunction with the processor or other devices), or other suitable software structures.
- software can include one or more lines of code or other suitable software structures operating in a general purpose software application, such as an operating system, and one or more lines of code or other suitable software structures operating in a specific purpose software application.
- the term “couple” and its cognate terms, such as “couples” and “coupled,” can include a physical connection (such as a copper conductor), a virtual connection (such as through randomly assigned memory locations of a data memory device), a logical connection (such as through logical gates of a semiconducting device), other suitable connections, or a suitable combination of such connections.
- data can refer to a suitable structure for using, conveying or storing data, such as a data field, a data buffer, a data message having the data value and sender/receiver address data, a control message having the data value and one or more operators that cause the receiving system or component to perform a function using the data, or other suitable hardware or software components for the electronic processing of data.
- a software system is a system that operates on a processor to perform predetermined functions in response to predetermined data fields.
- a system can be defined by the function it performs and the data fields that it performs the function on.
- a NAME system where NAME is typically the name of the general function that is performed by the system, refers to a software system that is configured to operate on a processor and to perform the disclosed function on the disclosed data fields. Unless a specific algorithm is disclosed, then any suitable algorithm that would be known to one of skill in the art for performing the function using the associated data fields is contemplated as falling within the scope of the disclosure.
- a message system that generates a message that includes a sender address field, a recipient address field and a message field would encompass software operating on a processor that can obtain the sender address field, recipient address field and message field from a suitable system or device of the processor, such as a buffer device or buffer system, can assemble the sender address field, recipient address field and message field into a suitable electronic message format (such as an electronic mail message, a TCP/IP message or any other suitable message format that has a sender address field, a recipient address field and message field), and can transmit the electronic message using electronic messaging systems and devices of the processor over a communications medium, such as a network.
- a suitable electronic message format such as an electronic mail message, a TCP/IP message or any other suitable message format that has a sender address field, a recipient address field and message field
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Stored Programmes (AREA)
Abstract
Description
- The present disclosure relates generally to configuring an Operating System (OS) of a computer system and, more specifically, to securely configuring the OS during a booting processing of a kernel image of the OS.
- Traditionally, computer systems are configured after the booting process when the disk partitions have been fully mounted and an operating system has been handed over control of a processor by a kernel image of the boot process. Configurations, however, are either done manually or automatically using an automated solution, such as Puppet, Chef, Ansible, and Saltstack. During runtime, configuration typically requires root access, which can lead to malformed configurations and malicious configurations. Either of these can lead to a compromised computer system.
- In one aspect, the present disclosure is directed to a system for configuring an information computing machine during execution of a kernel image. The system can include a storage resource and a processor that is communicatively coupled to the storage resource, wherein the processor executes application code instruction that are stored in the storage resource to cause the system to create a file system from a base file system image in system memory of the information computing system. The system can apply configuration files from a bundle image to the file system in memory, and copy files from a persistent file system stored in the storage resource to memory. The system can also validate the files from the persistent file system and apply validated files to the file system in memory.
- In another aspect, the present disclosure is directed to a computer aided method of a system for configuring an information computing system during execution of a kernel image. The method includes creating a file system from a base file system image in system memory of the information computing system and applying configuration files from a bundle image to the file system in memory. The method further includes copying files from a persistent file system stored in the storage resource to memory and validating the files from the persistent file system. The method also includes applying validated files to the file system in memory.
- In yet another aspect, the present disclosure is directed to a non-transitory computer readable medium containing computer readable instructions for configuring an information computing machine, where the computer-readable instructions comprising instructions for causing the computing machine to create a file system from a base file system image in system memory of the information computing system. The instructions further cause the computing machine to apply configuration files from a bundle image to the file system in memory and to copy files from a persistent file system stored in the storage resource to memory. In addition, the instructions cause the computing machine to validate the files from the persistent file system and apply validated files to the file system in memory.
- In other embodiments of the aspects, the base file system image can be verified by comparing a signed hash of the image with a hash generated by the initial file system image and checking the hash signature against a public certificate included in the initial file system. The bundle image can be verified by comparing a signed hash of the image with a hash generated by the initial file system image and checking the hash signature against a public certificate included in the initial file system. The bundle image can be further verified by determining if the hash has been signed by an administrator. The base file system image can be retrieved from a local storage resource or from a remote storage resource. The bundle image can be retrieved from a local storage resource or a from a remote storage resource, and the system or method can execute /sbin/init and start application services.
- For a more complete understanding of the features and advantages of the present disclosure, reference is now made to the detailed description along with the accompanying figures in which corresponding numerals in the different figures refer to corresponding parts and in which:
-
FIG. 1 is a block diagram of a system for booting an operating system, in accordance to certain example embodiments; -
FIG. 2 is a flow diagram of an algorithm for configuring an operating system during execution of a kernel image, according to certain example embodiments; and -
FIG. 3 is a block diagram depicting a computing machine and system applications, in accordance with certain example embodiments. - While the making and using of various embodiments of the present disclosure are discussed in detail below, it should be appreciated that the present disclosure provides many applicable inventive concepts, which can be embodied in a wide variety of specific contexts. The specific embodiments discussed herein are merely illustrative and do not delimit the scope of the present disclosure. In the interest of clarity, not all features of an actual implementation may be described in the present disclosure. It will of course be appreciated that in the development of any such actual embodiment, numerous implementation-specific decisions must be made to achieve the developer's specific goals, such as compliance with system-related and business-related constraints, which will vary from one implementation to another. Moreover, it will be appreciated that such a development effort might be complex and time-consuming but would be a routine undertaking for those of ordinary skill in the art having the benefit of this disclosure.
- Currently, there is nothing that exists that allows a serviceless daemon, i.e. a process detached from a running operating system, to validate and securely apply a system configuration to an operating system during the booting process. The present disclosure provides solutions wherein validated and verified system configurations are performed during the boot process prior to the actual operating system being executed.
- Referring to
FIG. 1 , illustrated is a system for booting an operating system, according to certain example embodiments, denoted generally as 10. Thesystem 10 comprises a Basic Input Output Operating System (BIOS) 12, aboot loader 14, akernel image 16, aninitial file system 18, amemory module 20, apersistent file system 22, andsystem service applications 24. In the embodiment,BIOS 12 receive a boot command and, in response, launches aboot loader 14. Theboot loader 14 launches akernel image 16. Theboot loader 14 andkernel image 16, or only thekernel image 16, can be provided from a trusted source approved for execution on a hardware platform executing theBIOS 12 and only responds to execution commands from a trusted source. In a trusted environment, thekernel image 16 launches theinitial file system 18. - The
initial file system 18 comprises a memoryfile system module 26, a basefile system image 28, and aconfiguration bundle image 30. The memoryfile system module 26 extracts a file system from the base file system fromimage 28 and installs the file system into thememory module 20. The memoryfile system module 26 further extracts configuration files fromconfiguration bundle image 30 and installs the configuration files into the base file system. The files installed on the file system inmemory 20 can include pre-approved system space binaries, and also user space binaries, and configurations files. Theinitial file system 18 further mounts thepersistent file system 22 and either copies or moves files, e.g. all or select system binaries and configuration files, from the mounted file system to the base file system inmemory 20. After performing an audit between the pre-approved installed in-memory files and the files installed from the mounted file system, the memoryfile system module 26 can cause /sbin/init to be executed if the audit passes inspection or halt further operation of thesystem 10 if the audit doesn't pass inspection. In response to the execution of /sbin/init, the OS system application services are executed. - In this embodiment, once the
kernel image 16 has been booted and control is given to theinitial file system 18, the memoryfile system module 26 can read from the kernel command line to identify where to retrieve the basefile system image 28. The basefile system image 28 can exist on disk or it can be retrieved from a remote system. Once the basesystem file image 26 has been retrieved it can be validated by theinitial file system 18. Theinitial file system 18 can compute a hash of the basefile system image 28 and verify it by comparing the hash against a hash generated from keys and certificates preinstalled with theinitial file system 18. If the basefile system image 28 is validated, then it can be extracted and the in-memory file system created and the base file system installed. - The base
file system image 28 can be built in the factory and, as such, is immutable and can also be updated over a secure network, e.g. a peer-to-peer network, to include updates including relevant and trusted OS updates. In this manner, the installed binaries and configurations files are certain to be trusted application services. In other words, binaries and configurations files installed on thesystem 10, binaries and configurations from system images and from persistedfile system 22, can only be audited as trusted before thesystem service applications 24 can actually be executed. So, if any changes occur to the binaries and configurations files on thepersistent file system 30, or at least a subset of the files, in order for the changes to be permanently effected by theinitial file system 18 would require those changes to pass the audit phase. I.e., files in thebase image 28,configuration bundle 30 and thepersistent file system 22, or a subset, are validated against a whitelist. The whitelist can be a static file that can be built at the factory. If thebase image 28,configuration bundle 30, and thefile system 22 contains files that are not in the whitelist the system will raise an error and reboot. - The
configuration bundle image 30 can be built and signed by designated system and security administrators on thesystem 10. Thebundle image 30 can be an archive that contains the following items; alch.tar; secadmin.crt; secadmin.sig; secadmin.txt; sysadmin crt; sysadmin.sig; sysadmin txt. The crt, sig, and txt files can be used to ensure the alch.tar file has not been tampered with. This can be achieved by taking a hash of the alch.tar and having both system and security administrators digitally sign the hash. The alch.tar can be the configuration. It can contain the following items: additional system files; YAML (Yet Another Extensible Markup Language); and counter.txt. The additional system files can be 3rd party provided files that can be generated using a markup language other than YAML. Examples include: CDS rule files; certificates; XCCDF Benchmarks; etc. YAML, in this embodiment, can be used to describe the system and how it should be configured. The counter.txt can be used to track the version of the configuration bundle. It can be incremented each time a configuration bundle is built and signed, and can be used to prevent rolling back the system to an old configuration. The configuration bundle can be processed each and every time that the system boots, or in other suitable manners. - After the configuration bundle has successfully been applied to the non-running system, cleanup can occur. This can include running AIDE, applying permissions, setting up SELinux, or anything else that needs to happen to the in-memory file system. Upon completion, the in-memory file system will become the real file system and the system will finish booting and enter into the running state.
-
FIG. 2 is a flow diagram of an algorithm for configuring an information computing system during execution of a kernel image, according to certain example embodiments, denoted generally as 100. Thealgorithm 100 begins atblock 102 by verifying the basefile system image 28, such as by comparing a signed hash of the image with a hash generated by the initial file system and checking the hash signature against a public certificate included in the initial file system in other suitable manners. Thealgorithm 100 continues to block 104, where it verifies thebundle image 30 by comparing a signed hash of the image with a hash generated by the initial file system and checking the hash signature against a public certificate included in the initial filesystem. Thealgorithm 100 continues, block 106, by creating a file system from the base file system image in system memory of the information computing system. Thealgorithm 100 further continues, block 108, by applying binary and configuration files from the bundle image to the file system in memory. Atblock 110, thealgorithm 100 continues by copying files from a persistent file system stored in the storage resource to memory. Thealgorithm 100 further continues, block 112, by validating the files from the persistent file system. Thealgorithm 100 continues, block 114, by applying validated files to the file system in memory. Atblock 116, thealgorithm 100 continues by executing /sbin/init and starting application services. -
FIG. 3 is acomputing machine 200 and asystem applications module 300 in accordance with example embodiments. Thecomputing machine 200 can correspond to any of the various computers, mobile devices, laptop computers, servers, embedded systems, or computing systems presented herein. Themodule 300 can comprise one or more hardware or software elements that are configured to facilitate thecomputing machine 200 in performing the various methods and processing functions presented herein. Thecomputing machine 200 can include various internal or attached components such as aprocessor 210,system bus 220,system memory 230,storage media 240, input/output interface 250, and anetwork interface 260 for communicating with anetwork 270. - The
computing machine 200 can be implemented as a conventional computer system, an embedded controller, a laptop, a server, a mobile device, a smartphone, a wearable computer, a customized machine, any other suitable hardware platform, or any combination or multiplicity thereof. Thecomputing machine 200 can be a distributed system configured to function using multiple computing machines interconnected via a data network or bus system. - The
processor 210 can be configured to execute code instructions in order to perform the operations and functionality described herein, manage request flow and address mappings, and to perform calculations and generate commands. Theprocessor 210 can be configured to monitor and control the operation of the components in thecomputing machine 200. Theprocessor 210 can be a general purpose processor, a processor core, a multiprocessor, a reconfigurable processor, a microcontroller, a digital signal processor (“DSP”), an application specific integrated circuit (“ASIC”), a controller, a state machine, gated logic, discrete hardware components, any other suitable processing unit, or any combination or multiplicity thereof. Theprocessor 210 can be a single processing unit, multiple processing units, a single processing core, multiple processing cores, special purpose processing cores, co-processors, or any combination thereof. According to certain embodiments, theprocessor 210 along with other components of thecomputing machine 200 can be a virtualized computing machine executing within one or more other computing machines. - The
system memory 230 can include non-volatile memories such as read-only memory (“ROM”), programmable read-only memory (“PROM”), erasable programmable read-only memory (“EPROM”), flash memory, or any other suitable device capable of storing program instructions or data with or without applied power. Thesystem memory 230 can also include volatile memories such as random access memory (“RAM”), static random access memory (“SRAM”), dynamic random access memory (“DRAM”), and synchronous dynamic random access memory (“SDRAM”). Other types of RAM also can be used to implement thesystem memory 230. Thesystem memory 230 can be implemented using a single memory module or multiple memory modules. While thesystem memory 230 is depicted as being part of thecomputing machine 200, one skilled in the art will recognize that thesystem memory 230 can be separate from thecomputing machine 200 without departing from the scope of the subject technology. It should also be appreciated that thesystem memory 230 can include, or operate in conjunction with, a non-volatile storage device such as thestorage media 240. - The
storage media 240 can include a hard disk, a floppy disk, a compact disc read-only memory (“CD-ROM”), a digital versatile disc (“DVD”), a Blu-ray disc, a magnetic tape, a flash memory, other non-volatile memory device, a solid state drive (“SSD”), any suitable magnetic storage device, any suitable optical storage device, any suitable electrical storage device, any suitable semiconductor storage device, any suitable physical-based storage device, any other suitable data storage device, or any combination or multiplicity thereof. Thestorage media 240 can store one or more operating systems, application programs and program modules such asmodule 300, data, or any other suitable information. Thestorage media 240 can be part of, or connected to, thecomputing machine 200. Thestorage media 240 can also be part of one or more other computing machines that are in communication with thecomputing machine 200 such as servers, database servers, cloud storage, network attached storage, and so forth. - The
system applications module 300 can comprise one or more hardware or software elements configured to facilitate thecomputing machine 200 with performing the various methods and processing functions presented herein. Themodule 300 can include one or more sequences of instructions stored as software or firmware in association with thesystem memory 230, thestorage media 240, or both. Thestorage media 240 can therefore represent examples of machine or computer readable media on which instructions or code can be stored for execution by theprocessor 210. Machine or computer readable media can generally refer to any suitable medium or media used to provide instructions to theprocessor 210. Such machine or computer readable media associated with themodule 300 can comprise a computer software product. It should be appreciated that a computer software product comprising themodule 300 can also be associated with one or more processes or methods for delivering themodule 300 to thecomputing machine 200 via thenetwork 270, any suitable signal-bearing medium, or any other suitable communication or delivery technology. Themodule 300 can also comprise hardware circuits or information for configuring hardware circuits such as microcode or configuration information for an FPGA or other PLD. - The input/output (“I/O”)
interface 250 can be configured to couple to one or more external devices, to receive data from the one or more external devices, and to send data to the one or more external devices. Such external devices along with the various internal devices can also be known as peripheral devices. The I/O interface 250 can include both electrical and physical connections for coupling the various peripheral devices to thecomputing machine 200 or theprocessor 210. The I/O interface 250 can be configured to communicate data, addresses, and control signals between the peripheral devices, thecomputing machine 200, or theprocessor 210. The I/O interface 250 can be configured to implement any suitable standard interface, such as small computer system interface (“SCSI”), serial-attached SCSI (“SAS”), fiber channel, peripheral component interconnect (“PCI”), PCI express (PCIe), serial bus, parallel bus, advanced technology attached (“ATA”), serial ATA (“SATA”), universal serial bus (“USB”), Thunderbolt, FireWire, various video buses, and the like. The I/O interface 250 can be configured to implement only one interface or bus technology. Alternatively, the I/O interface 250 can be configured to implement multiple interfaces or bus technologies. The I/O interface 250 can be configured as part of, all of, or to operate in conjunction with, thesystem bus 220. The I/O interface 250 can include one or more buffers for buffering transmissions between one or more external devices, internal devices, thecomputing machine 200, or theprocessor 210. - The I/
O interface 250 can couple thecomputing machine 200 to various input devices including mice, touch-screens, scanners, electronic digitizers, sensors, receivers, touchpads, trackballs, cameras, microphones, keyboards, any other suitable pointing devices, or any combinations thereof. The I/O interface 250 can couple thecomputing machine 200 to various output devices including video displays, speakers, printers, projectors, tactile feedback devices, automation control, robotic components, actuators, motors, fans, solenoids, valves, pumps, transmitters, signal emitters, lights, and so forth. - The
computing machine 200 can operate in a networked environment using logical connections through thenetwork interface 260 to one or more other systems or computing machines across thenetwork 270. Thenetwork 270 can include wide area networks (WAN), local area networks (LAN), intranets, the Internet, wireless access networks, wired networks, mobile networks, telephone networks, optical networks, or combinations thereof. Thenetwork 270 can be packet switched, circuit switched, of any suitable topology, and can use any suitable communication protocol. Communication links within thenetwork 270 can involve various digital or an analog communication media such as fiber optic cables, free-space optics, waveguides, electrical conductors, wireless links, antennas, radio-frequency communications, and so forth. - The
processor 210 can be connected to the other elements of thecomputing machine 200 or the various peripherals discussed herein through thesystem bus 220. It should be appreciated that thesystem bus 220 can be within theprocessor 210, outside theprocessor 210, or both. According to some embodiments, any of theprocessor 210, the other elements of thecomputing machine 200, or the various peripherals discussed herein can be integrated into a single device such as a system on chip (“SOC”), system on package (“SOP”), or ASIC device. - Embodiments may comprise a computer program that embodies the functions described and illustrated herein, wherein the computer program is implemented in a computer system that comprises instructions stored in a machine-readable medium and a processor that executes the instructions. However, it should be apparent that there could be many different ways of implementing embodiments in computer programming, and the embodiments should not be construed as limited to any one set of computer program instructions unless otherwise disclosed for an exemplary embodiment. Further, a skilled programmer would be able to write such a computer program to implement an embodiment of the disclosed embodiments based on the appended flow charts, algorithms and associated description in the application text. Therefore, disclosure of a particular set of program code instructions is not considered necessary for an adequate understanding of how to make and use embodiments. Further, those skilled in the art will appreciate that one or more aspects of embodiments described herein may be performed by hardware, software, or a combination thereof, as may be embodied in one or more computing systems. Moreover, any reference to an act being performed by a computer should not be construed as being performed by a single computer as more than one computer may perform the act.
- The example embodiments described herein can be used with computer hardware and software that perform the methods and processing functions described previously. The systems, methods, and procedures described herein can be embodied in a programmable computer, computer-executable software, or digital circuitry. The software can be stored on computer-readable media. For example, computer-readable media can include a floppy disk, RAM, ROM, hard disk, removable media, flash memory, memory stick, optical media, magneto-optical media, CD-ROM, etc. Digital circuitry can include integrated circuits, gate arrays, building block logic, field programmable gate arrays (FPGA), etc.
- The example systems, methods, and acts described in the embodiments presented previously are illustrative, and, in alternative embodiments, certain acts can be performed in a different order, in parallel with one another, omitted entirely, and/or combined between different example embodiments, and/or certain additional acts can be performed, without departing from the scope and spirit of various embodiments. Accordingly, such alternative embodiments are included in the description herein.
- As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any and all suitable combinations of one or more of the associated listed items. As used herein, phrases such as “between X and Y” and “between about X and Y” should be interpreted to include X and Y. As used herein, phrases such as “between about X and Y” mean “between about X and about Y.” As used herein, phrases such as “from about X to Y” mean “from about X to about Y.”
- As used herein, “hardware” can include a combination of discrete components, an integrated circuit, an application-specific integrated circuit, a field programmable gate array, or other suitable hardware. As used herein, “software” can include one or more objects, agents, threads, lines of code, subroutines, separate software applications, two or more lines of code or other suitable software structures operating in two or more software applications, on one or more processors (where a processor includes one or more microcomputers or other suitable data processing units, memory devices, input-output devices, displays, data input devices such as a keyboard or a mouse, peripherals such as printers and speakers, associated drivers, control cards, power sources, network devices, docking station devices, or other suitable devices operating under control of software systems in conjunction with the processor or other devices), or other suitable software structures. In one exemplary embodiment, software can include one or more lines of code or other suitable software structures operating in a general purpose software application, such as an operating system, and one or more lines of code or other suitable software structures operating in a specific purpose software application. As used herein, the term “couple” and its cognate terms, such as “couples” and “coupled,” can include a physical connection (such as a copper conductor), a virtual connection (such as through randomly assigned memory locations of a data memory device), a logical connection (such as through logical gates of a semiconducting device), other suitable connections, or a suitable combination of such connections. The term “data” can refer to a suitable structure for using, conveying or storing data, such as a data field, a data buffer, a data message having the data value and sender/receiver address data, a control message having the data value and one or more operators that cause the receiving system or component to perform a function using the data, or other suitable hardware or software components for the electronic processing of data.
- In general, a software system is a system that operates on a processor to perform predetermined functions in response to predetermined data fields. For example, a system can be defined by the function it performs and the data fields that it performs the function on. As used herein, a NAME system, where NAME is typically the name of the general function that is performed by the system, refers to a software system that is configured to operate on a processor and to perform the disclosed function on the disclosed data fields. Unless a specific algorithm is disclosed, then any suitable algorithm that would be known to one of skill in the art for performing the function using the associated data fields is contemplated as falling within the scope of the disclosure. For example, a message system that generates a message that includes a sender address field, a recipient address field and a message field would encompass software operating on a processor that can obtain the sender address field, recipient address field and message field from a suitable system or device of the processor, such as a buffer device or buffer system, can assemble the sender address field, recipient address field and message field into a suitable electronic message format (such as an electronic mail message, a TCP/IP message or any other suitable message format that has a sender address field, a recipient address field and message field), and can transmit the electronic message using electronic messaging systems and devices of the processor over a communications medium, such as a network. One of ordinary skill in the art would be able to provide the specific coding for a specific application based on the foregoing disclosure, which is intended to set forth exemplary embodiments of the present disclosure, and not to provide a tutorial for someone having less than ordinary skill in the art, such as someone who is unfamiliar with programming or processors in a suitable programming language. A specific algorithm for performing a function can be provided in a flow chart form or in other suitable formats, where the data fields and associated functions can be set forth in an exemplary order of operations, where the order can be rearranged as suitable and is not intended to be limiting unless explicitly stated to be limiting.
- Although specific embodiments have been described above in detail, the description is merely for purposes of illustration. It should be appreciated, therefore, that many aspects described above are not intended as required or essential elements unless explicitly stated otherwise. Modifications of, and equivalent components or acts corresponding to, the disclosed aspects of the example embodiments, in addition to those described above, can be made by a person of ordinary skill in the art, having the benefit of the present disclosure, without departing from the spirit and scope of embodiments defined in the following claims, the scope of which is to be accorded the broadest interpretation so as to encompass such modifications and equivalent structures.
Claims (21)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/921,101 US11797313B2 (en) | 2017-11-29 | 2020-07-06 | Method for securely configuring an information system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/826,281 US10705855B2 (en) | 2017-11-29 | 2017-11-29 | Method for securely configuring an information system |
US16/921,101 US11797313B2 (en) | 2017-11-29 | 2020-07-06 | Method for securely configuring an information system |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/826,281 Continuation US10705855B2 (en) | 2017-11-29 | 2017-11-29 | Method for securely configuring an information system |
Publications (2)
Publication Number | Publication Date |
---|---|
US20200334048A1 true US20200334048A1 (en) | 2020-10-22 |
US11797313B2 US11797313B2 (en) | 2023-10-24 |
Family
ID=66633165
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/826,281 Active 2038-05-17 US10705855B2 (en) | 2017-11-29 | 2017-11-29 | Method for securely configuring an information system |
US16/921,101 Active 2039-01-09 US11797313B2 (en) | 2017-11-29 | 2020-07-06 | Method for securely configuring an information system |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/826,281 Active 2038-05-17 US10705855B2 (en) | 2017-11-29 | 2017-11-29 | Method for securely configuring an information system |
Country Status (1)
Country | Link |
---|---|
US (2) | US10705855B2 (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11550918B2 (en) | 2019-12-12 | 2023-01-10 | Landis+Gyr Innovations, Inc. | Package-based remote firmware update |
CN113849859A (en) * | 2020-06-28 | 2021-12-28 | 中兴通讯股份有限公司 | Linux kernel modification method, terminal device and storage medium |
US11814154B2 (en) | 2020-08-31 | 2023-11-14 | General Electric Company | Pitch angles of an aircraft engine rotor assembly |
US20220292372A1 (en) * | 2021-03-10 | 2022-09-15 | Capital One Services, Llc | Methods and systems for processing approval requests using pre-authorized approval information in an application-independent processing system |
CN114860336B (en) * | 2022-05-06 | 2023-09-26 | 麒麟软件有限公司 | System auditing mode implementation method based on PXE and electronic equipment |
CN116186709B (en) * | 2022-12-27 | 2024-02-02 | 中科驭数(北京)科技有限公司 | Method, device and medium for unloading UEFI (unified extensible firmware interface) safe start based on virtualized VirtIO technology |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080244689A1 (en) * | 2007-03-30 | 2008-10-02 | Curtis Everett Dalton | Extensible Ubiquitous Secure Operating Environment |
WO2012054016A1 (en) * | 2010-10-19 | 2012-04-26 | Hewlett-Packard Development Company, L.P. | Methods and systems for generation of authorized virtual appliances |
WO2013101236A1 (en) * | 2011-12-31 | 2013-07-04 | Intel Corporation | Securing device environment for trust provisioning |
US20140006951A1 (en) * | 2010-11-30 | 2014-01-02 | Jeff Hunter | Content provision |
US20170109536A1 (en) * | 2015-10-15 | 2017-04-20 | Twistlock, Ltd. | Static detection of vulnerabilities in base images of software containers |
US20170116412A1 (en) * | 2015-10-01 | 2017-04-27 | Twistlock, Ltd. | Profiling of spawned processes in container images and enforcing security policies respective thereof |
US20170116415A1 (en) * | 2015-10-01 | 2017-04-27 | Twistlock, Ltd. | Profiling of container images and enforcing security policies respective thereof |
US20170187540A1 (en) * | 2015-10-15 | 2017-06-29 | Twistlock, Ltd. | Detection of vulnerable root certificates in software containers |
US20180052637A1 (en) * | 2016-08-18 | 2018-02-22 | Red Hat, Inc. | Efficient image file loading and garbage collection |
US20180121485A1 (en) * | 2016-10-28 | 2018-05-03 | Hewlett Packard Enterprise Development Lp | Container images |
US20180278639A1 (en) * | 2015-10-01 | 2018-09-27 | Twistlock, Ltd. | Dynamically adapted traffic inspection and filtering in containerized environments |
US20190028490A1 (en) * | 2017-07-21 | 2019-01-24 | Red Hat, Inc. | Container intrusion detection and prevention system |
US10938855B1 (en) * | 2017-06-23 | 2021-03-02 | Digi International Inc. | Systems and methods for automatically and securely provisioning remote computer network infrastructure |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9311475B2 (en) * | 2013-08-30 | 2016-04-12 | Vmware, Inc. | Trusted execution of binaries and modules |
US10592669B2 (en) * | 2016-06-23 | 2020-03-17 | Vmware, Inc. | Secure booting of computer system |
US11977456B2 (en) * | 2016-11-23 | 2024-05-07 | 2236008 Ontario Inc. | File system framework |
US10331892B2 (en) * | 2017-02-24 | 2019-06-25 | Dell Products L.P. | Systems and methods for secure boot and runtime tamper detection |
-
2017
- 2017-11-29 US US15/826,281 patent/US10705855B2/en active Active
-
2020
- 2020-07-06 US US16/921,101 patent/US11797313B2/en active Active
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080244689A1 (en) * | 2007-03-30 | 2008-10-02 | Curtis Everett Dalton | Extensible Ubiquitous Secure Operating Environment |
WO2012054016A1 (en) * | 2010-10-19 | 2012-04-26 | Hewlett-Packard Development Company, L.P. | Methods and systems for generation of authorized virtual appliances |
US20140006951A1 (en) * | 2010-11-30 | 2014-01-02 | Jeff Hunter | Content provision |
WO2013101236A1 (en) * | 2011-12-31 | 2013-07-04 | Intel Corporation | Securing device environment for trust provisioning |
US20170116415A1 (en) * | 2015-10-01 | 2017-04-27 | Twistlock, Ltd. | Profiling of container images and enforcing security policies respective thereof |
US20170116412A1 (en) * | 2015-10-01 | 2017-04-27 | Twistlock, Ltd. | Profiling of spawned processes in container images and enforcing security policies respective thereof |
US20180278639A1 (en) * | 2015-10-01 | 2018-09-27 | Twistlock, Ltd. | Dynamically adapted traffic inspection and filtering in containerized environments |
US20170109536A1 (en) * | 2015-10-15 | 2017-04-20 | Twistlock, Ltd. | Static detection of vulnerabilities in base images of software containers |
US20170187540A1 (en) * | 2015-10-15 | 2017-06-29 | Twistlock, Ltd. | Detection of vulnerable root certificates in software containers |
US20180052637A1 (en) * | 2016-08-18 | 2018-02-22 | Red Hat, Inc. | Efficient image file loading and garbage collection |
US20180121485A1 (en) * | 2016-10-28 | 2018-05-03 | Hewlett Packard Enterprise Development Lp | Container images |
US10732951B2 (en) * | 2016-10-28 | 2020-08-04 | Hewlett Packard Enterprise Development Lp | Container images |
US10938855B1 (en) * | 2017-06-23 | 2021-03-02 | Digi International Inc. | Systems and methods for automatically and securely provisioning remote computer network infrastructure |
US20190028490A1 (en) * | 2017-07-21 | 2019-01-24 | Red Hat, Inc. | Container intrusion detection and prevention system |
Also Published As
Publication number | Publication date |
---|---|
US11797313B2 (en) | 2023-10-24 |
US10705855B2 (en) | 2020-07-07 |
US20190163502A1 (en) | 2019-05-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11797313B2 (en) | Method for securely configuring an information system | |
US11537409B2 (en) | System and method for managing system configuration data models | |
US10318736B2 (en) | Validating operating firmware of a periperhal device | |
US10656936B2 (en) | Systems and methods for software integrity validation using blockchain | |
US9965270B2 (en) | Updating computer firmware | |
US10055249B2 (en) | Automated compliance exception approval | |
US11416616B2 (en) | Secure boot chain for live boot systems | |
US10754955B2 (en) | Authenticating a boot path update | |
US8863109B2 (en) | Updating secure pre-boot firmware in a computing system in real-time | |
US11409884B2 (en) | Security profiling of system firmware and applications from an OOB appliance at a differentiated trust boundary | |
US11281768B1 (en) | Firmware security vulnerability verification service | |
US20220398321A1 (en) | Data management | |
US10255438B2 (en) | Operating system agnostic validation of firmware images | |
US9870472B2 (en) | Detecting malign code in unused firmware memory | |
US20210240491A1 (en) | System and method for runtime synchronization and authentication of pre-boot device drivers for a rescue operating system | |
US10936300B1 (en) | Live system updates | |
US10235194B1 (en) | Compatibility-based configuration of hardware with virtualization software | |
US8140835B2 (en) | Updating a basic input/output system (‘BIOS’) boot block security module in compute nodes of a multinode computer | |
US20210056208A1 (en) | Secure firmware update for device with low computing power | |
US20210240832A1 (en) | Systems and methods for automatic boot to authenticated external device | |
US11907373B2 (en) | Validation of fixed firmware profiles for information handling systems | |
US11509529B2 (en) | Switch component secure upgrade system | |
US11409541B2 (en) | Systems and methods for binding secondary operating system to platform basic input/output system | |
US10003463B2 (en) | Systems and methods for revoking and replacing signing keys | |
US11507666B2 (en) | Trusted execution environment verification of a software package |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: FORCEPOINT LLC, TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MALONE, MICKEY J., II;MINNIS, JACOB;REEL/FRAME:053125/0560 Effective date: 20171129 |
|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
AS | Assignment |
Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT, NEW YORK Free format text: PATENT SECURITY AGREEMENT;ASSIGNORS:REDOWL ANALYTICS, INC.;FORCEPOINT LLC;REEL/FRAME:055052/0302 Effective date: 20210108 |
|
AS | Assignment |
Owner name: FORCEPOINT FEDERAL HOLDINGS LLC, TEXAS Free format text: CHANGE OF NAME;ASSIGNOR:FORCEPOINT LLC;REEL/FRAME:056216/0309 Effective date: 20210401 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
|
AS | Assignment |
Owner name: APOLLO ADMINISTRATIVE AGENCY LLC, AS COLLATERAL AGENT, NEW YORK Free format text: SECURITY INTEREST;ASSIGNOR:FORCEPOINT FEDERAL HOLDINGS LLC;REEL/FRAME:065086/0822 Effective date: 20230929 |
|
AS | Assignment |
Owner name: FORCEPOINT FEDERAL HOLDINGS LLC (F/K/A FORCEPOINT LLC), TEXAS Free format text: PARTIAL PATENT RELEASE AND REASSIGNMENT AT REEL/FRAME 055052/0302;ASSIGNOR:CREDIT SUISSE, AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT;REEL/FRAME:065103/0147 Effective date: 20230929 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: EVERFOX HOLDINGS LLC, VIRGINIA Free format text: CHANGE OF NAME;ASSIGNOR:FORCEPOINT FEDERAL HOLDINGS LLC;REEL/FRAME:066582/0531 Effective date: 20240129 |